Hi jleach, if you have to ask, the answer might not be so valuable for you ;) zopes acl_user folder, which is the standard, supports HTTP Basic Authentication as of rfc2616. This means the username/password is not encrypted in the HTTP session, rather it is obfuscated using base64 encoding. The storage in the object database is encrypted using SHA hashing. (At least last time I checked this) Does this help you? You can use any other authentication mechanism, if you use a different User-Folder and/or implement it yourself (and hope your clients do as well) Most common practice is using Apache (or Squid 2.5) as ssl-proxy in front of zope. HTH Tino Wildenhain --On Mittwoch, 18. Juli 2001 14:20 -0700 "Jason C. Leach" <jleach@drivingbeat.com> wrote:
hi,
how are Zope passwords transmitted? Secure or UN-secure?
j. -- ...................... ..... Jason C. Leach ..
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )